7.13. Disabling SASL Mechanisms
The root DSE attribute supportedSASLMechanisms lists the SASL mechanisms that are currently supported by the Directory Server instance. However, editing that attribute does not change which mechanisms are supported. Directory Server uses the installed Cyrus SASL libraries to generate the list of supported SASL mechanisms. These libraries are located in /usr/lib[64]/sasl2/.
To change the list of SASL mechanisms supported by Directory Server:
- Create a private SASL directory for the Directory Server instance to use. For example:
mkdir /etc/dirsrv/slapd-instance_name/sasl2
- Open that directory.
- Create symlinks from the Cyrus SASL directory plug-ins to the instance directory. For example:
[root@server ~]# cd /etc/dirsrv/slapd-instance_name/sasl2 ; for file in /usr/lib64/sasl2/*.so* ; do ln -s "$file" ; done
- Remove the symlinks for the mechanisms that should not be supported in the Directory Server instance. For example:
rm *cram*
- Edit the Directory Server start shell script so that it uses the Directory Server instance's SASL directory.
vim /usr/lib[64]/dirsrv/slapd-example/start-slapd
SASL_PATH=/etc/dirsrv/slapd-instance_name/sasl2 ; export SASL_PATH
- Restart the Directory Server.
service dirsrv restart
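The symlink and removal steps above, written as a re-runnable script that links every plug-in except those on a deny list (an added example, not part of the Red Hat documentation). The function names build_sasl_dir and list_sasl_plugins are hypothetical, and the demo runs on constructed stand-in files in a temporary directory.

```shell
#!/bin/sh
# Added example: build a private SASL plug-in directory without selected mechanisms.
# build_sasl_dir SRC DEST PATTERN...
#   SRC     system Cyrus SASL plug-in directory (for example /usr/lib64/sasl2)
#   DEST    private SASL directory for the Directory Server instance
#   PATTERN lowercase substrings of plug-in file names to leave out (for example cram)
build_sasl_dir() {
    src=$1; dest=$2; shift 2
    [ -d "$src" ] || { echo "no such plug-in directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    for file in "$src"/*.so*; do
        [ -e "$file" ] || continue          # the glob matched nothing
        name=$(basename "$file")
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        skip=0
        for pat in "$@"; do
            case $lower in *"$pat"*) skip=1 ;; esac
        done
        if [ "$skip" -eq 1 ]; then
            rm -f "$dest/$name"             # drop a link left by an earlier run
        else
            ln -sf "$file" "$dest/$name"
        fi
    done
}

# list_sasl_plugins DEST: print the plug-in files the instance can still load.
list_sasl_plugins() {
    for link in "$1"/*.so*; do
        [ -e "$link" ] && basename "$link"
    done
    return 0
}

# Demo on constructed stand-in files; nothing under /usr/lib64 or /etc is touched.
demo=$(mktemp -d)
mkdir "$demo/sys"
touch "$demo/sys/libcrammd5.so.3" "$demo/sys/libgssapiv2.so.3" "$demo/sys/libplain.so.3"
build_sasl_dir "$demo/sys" "$demo/sasl2" cram
list_sasl_plugins "$demo/sasl2"
rm -rf "$demo"
```

After the restart, the result can be confirmed by reading the root DSE, for example with ldapsearch -x -b "" -s base supportedSASLMechanisms; the removed mechanism should no longer be listed.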
Note
Cyrus SASL can set a specific list of mechanisms to use for different applications within its own configuration, in a /usr/lib/sasl/appName.conf file.
For more information, see the Cyrus SASL administrator's documentation at http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/1.5.28/sysadmin.php.
